Adobe Security Updates – April 2018

This Tuesday, as always, Adobe released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s release comprises 6 advisories covering 19 vulnerabilities, with 6 of them rated critical, 12 rated important and 1 rated moderate in severity. These vulnerabilities impact Adobe PhoneGap Push plugin, ColdFusion, Adobe Digital Editions, Adobe InDesign CC, Adobe Experience Manager and Adobe Flash Player.

The critical patches are for Adobe Flash Player, Adobe InDesign CC and ColdFusion.

The wild one …

Adobe Flash has finally touched the Speed Force and is proving to be even faster than The Flash. If you don’t need it, GET RID OF IT! That’s the best advice as far as Adobe Flash goes. ThreadKit, an app for building documents that infect vulnerable PCs with malware when opened, now targets a recently patched Flash security bug. Exploit code samples started showing up in the wild a few days ago. Since the exploit was folded into ThreadKit, examples of fiendish files leveraging this latest Flash bug have begun appearing in antivirus engines. Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the current user.

ColdFusion, a rapid web application development platform, is affected by multiple vulnerabilities that could lead to code injection, information disclosure, unsafe Java deserialization, unsafe XML parsing and insecure library loading. The risks are critical, and users are advised to patch immediately.

The corrupted design …

Adobe InDesign CC, a desktop publishing application, is affected by a critical memory corruption vulnerability caused by unsafe parsing of a specially crafted .inx file. This flaw, if exploited, can lead to arbitrary code execution, while a second, slightly less dangerous issue can lead to local privilege escalation. That second vulnerability is rated as important.